[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Attack on my server
- Subject: Re: [cobalt-users] Attack on my server
- From: Alfredo <alfredo@xxxxxxxxxxxxxxx>
- Date: Sat Dec 30 21:30:01 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
After long conversations with cobalt and watching the incredible amount of
Apache servers that continue to spawn on my server while watching "top" from
telnet. We strongly believe that we are under attack through sym_flood or
some other flood attempt. In looking at my netstats I see that not only are
there a few sym_recv coming through I also have a really unusual amount of
time_wait as well. It is very important that I get this site up and running
soon. Please help.
Leslie!
I just checked your site and then did another check on a couple of
password crack sites. Although yours is a tasteful and professional
photography site, you are being listed as an "adult content" site by
"password cracker" sites all over the Internet! That would produce
lots of hits with the user/pass combo since all these sites actually
share the same information and your auth scheme may be choking since
lots of people are trying to get in there with that same user/pass
combo.
You say on your home page that you DO have some nudity on the site
and that wording is enough to draw cracker spiders and start the
feeding frenzy! I always check those cracker sites when we have a
problem like this one because we got burned with a site very similar
to yours (top notch photographer's portfolio with a "pro" member's
section for sharing tips and all that). She just wanted to warn
parents that she did have a couple of nudes on the site! Best
intentions...! The spiders caught the word "nudity" and her site was
down in a few hours!
All WE did was have her change the url of the members' section and
that helped hugely because it didn't trigger the authorization
programs anymore and eliminated time-outs. After a day or so, the
crack sites no longer bothered her and our server was purring away at
full speed.
Not sure that this is your only problem or if it's the best solution
but I just thought it would be a good idea to let you know.
Alfredo
--
People-Link/Institute for Mass Communications
www.people-link.org
Communications for a Better World...and for the People Who are Building One!
Members, Local 1180, Communications Workers of America, AFL-CIO